Description
An authenticated user can cause excessive memory usage through AST processing of bitwise match expressions that use the $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear operators. This contributes to memory pressure and may lead to loss of availability through an out-of-memory (OOM) condition. The issue affects MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9, and v8.3 versions prior to 8.3.2.
Remediation
References